[midPoint] Delegated administrator

Petr Gašparík petr at gasparik.cz
Mon Aug 3 13:46:42 CEST 2015 

Thank you, Ivan, this is for 3.1.1 ... I can see users and their
attributes, but I can't create new one - see below.

[image: Clip398.png]


po 3. 8. 2015 v 8:36 odesílatel Ivan Noris <ivan.noris at evolveum.com> napsal:

> Hi Petr,
>
> please check the *GUI* authorization namespaces, there was a change for
> the upcoming 3.2.
>
> e.g. http://midpoint.evolveum.com/xml/ns/public/security/authorization
> *-ui*-3#dashboard
>
> The End User and Superuser role are already modified in XML files, not
> sure about the documentation...
>
> Please try.
> Regards,
> Ivan
>
>
> On 07/31/2015 05:24 PM, Petr Gašparík wrote:
>
> Hi,
> I tried to setup delegated administrator for organization (user
> management + workflow tasks) and ended with role like below. This, assigned
> to user, does not allow him to see attributes when creating user, thus
> admin can't enter values into them (name, for example).
>
> What am I missing? Is there example for delegated administrator? (I
> checked web and git already)
>
> regards
> Petr G.
>
> -------------------------------------------
>
> <role xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
>       xmlns:icfs="
> http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3
> "
>       xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
>       xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
>       xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
>       xmlns:ri="
> http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
>       oid="delegatedAdmin"
>       version="23">
>    <name>Delegated administrator</name>
>    <activation>
>       <effectiveStatus>enabled</effectiveStatus>
>    </activation>
>    <iteration>0</iteration>
>    <iterationToken/>
>    <authorization id="1">
>       <action>
> http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read
> </action>
>       <action>
> http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#modify
> </action>
>       <object>
>          <type>OrgType</type>
>       </object>
>       <object>
>          <type>ResourceType</type>
>       </object>
>       <object>
>          <type>RoleType</type>
>       </object>
>       <object>
>          <type>ShadowType</type>
>       </object>
>       <object>
>          <type>UserType</type>
>          <orgRef xmlns:tns="
> http://midpoint.evolveum.com/xml/ns/public/common/common-3"
>                  oid="3404b331-57c0-4bef-b699-0192ce8d728b"
>                  type="tns:OrgType"></orgRef>
>       </object>
>    </authorization>
>    <authorization id="2">
>       <action>
> http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#dashboard
> </action>
>       <action>
> http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#myPasswords
> </action>
>       <action>
> http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#users
> </action>
>       <action>
> http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#userDetails
> </action>
>       <action>
> http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#findUsers
> </action>
>       <action>
> http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#orgTree
> </action>
>       <action>
> http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#workItems
> </action>
>       <action>
> http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#workItem
> </action>
>       <action>
> http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#workItemsMyRequests
> </action>
>       <action>
> http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#workItemsProcessInstance
> </action>
>    </authorization>
> </role>
> --
> --
> Petr G.
>
>
> _______________________________________________
> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>
>
> --
>   Ing. Ivan Noris
>   Senior Identity Management Engineer & IDM Architect
>   evolveum.com                     evolveum.com/blog/
>   ___________________________________________________
>   "Semper Id(e)M Vix."
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
-- 
--
Petr G.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20150803/f83adbf5/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Clip398.png
Type: image/png
Size: 30488 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20150803/f83adbf5/attachment.png>

More information about the midPoint mailing list